def collections_user_has_any_permission_for(self, user, actions): """ Return a queryset of all collections in which the given user has permission to perform any of the given actions """ if user.is_active and user.is_superuser: # active superusers can perform any action (including unrecognised ones) # in any collection return Collection.objects.all() elif not user_is_authenticated(user): return Collection.objects.none() elif 'change' in actions or 'delete' in actions: # return collections which are covered by either 'add' or 'change' permissions # (since collections with 'add' permissions can *potentially* contain instances # they own and can therefore edit) return self._collections_with_perm(user, ['add', 'change']) elif 'add' in actions: return self._collections_with_perm(user, ['add']) else: # action is not recognised, and so non-superusers # cannot perform it on any existing collections return Collection.objects.none()
def instances_user_has_any_permission_for(self, user, actions): if user.is_active and user.is_superuser: # active superusers can perform any action (including unrecognised ones) # on any instance return self.model.objects.all() elif not user_is_authenticated(user): return self.model.objects.none() elif 'change' in actions or 'delete' in actions: # return instances which are: # - in (a descendant of) a collection for which they have 'change' permission # - OR in (a descendant of) a collection for which they have 'add' permission, # and are owned by them change_perm_filter = Q(collection__in=list( self._collections_with_perm(user, ['change']))) add_perm_filter = Q(collection__in=list( self._collections_with_perm(user, ['add']))) & Q( **{self.owner_field_name: user}) return self.model.objects.filter(change_perm_filter | add_perm_filter) else: # action is either not recognised, or is the 'add' action which is # not meaningful for existing instances. As such, non-superusers # cannot perform it on any existing instances. return self.model.objects.none()
def instances_user_has_any_permission_for(self, user, actions): """ Return a queryset of all instances of this model for which the given user has permission to perform any of the given actions """ if not (user.is_active and user_is_authenticated(user)): return self.model.objects.none() elif user.is_superuser: return self.model.objects.all() else: # filter to just the collections with this permission return self.model.objects.filter(collection__in=list( self._collections_with_perm(user, actions)))
def collections_user_has_any_permission_for(self, user, actions): """ Return a queryset of all collections in which the given user has permission to perform any of the given actions """ if user.is_active and user.is_superuser: # active superusers can perform any action (including unrecognised ones) # in any collection return Collection.objects.all() elif not user_is_authenticated(user): return Collection.objects.none() else: return self._collections_with_perm(user, actions)
def login(request): if user_is_authenticated(request.user) and request.user.has_perm( 'tuiuiuadmin.access_admin'): return redirect('tuiuiuadmin_home') else: from django.contrib.auth import get_user_model return auth_views.login( request, template_name='tuiuiuadmin/login.html', authentication_form=forms.LoginForm, extra_context={ 'show_password_reset': password_reset_enabled(), 'username_field': get_user_model().USERNAME_FIELD, }, )
def _check_perm(self, user, actions, collection=None): """ Equivalent to user.has_perm(self._get_permission_name(action)) on all listed actions, but using GroupCollectionPermission rather than group.permissions. If collection is specified, only consider GroupCollectionPermission records that apply to that collection. """ if not (user.is_active and user_is_authenticated(user)): return False if user.is_superuser: return True collection_permissions = GroupCollectionPermission.objects.filter( group__user=user, permission__in=self._get_permission_objects_for_actions(actions), ) if collection: collection_permissions = collection_permissions.filter( collection__in=collection.get_ancestors(inclusive=True)) return collection_permissions.exists()
def user_has_any_permission(self, user, actions): return user_is_authenticated(user) and user.is_active